Get In Touch
When you consider security solutions, there is no catchall Internet security solution that addresses every web application security challenge. A multi-layered approach to Internet security is the most effective way to guard against all types of cyber-attacks, including DDoS, application-layer attacks and data breaches. But this is much more security technology and tools. You need to add what we call "Internet hygiene" to your defenses - taking internal measures to
Articles I'm reading include such topics as the mounting cost of social engineering, the Mayhem Botnet's exploitation of Shellshock, and some tips for better security in the healthcare industry.
Akamai Edge 2014 continues today with the second day of Akamai University and API Boot camp. To coincide with this, I'm running two security lessons that are part of an upcoming video series. This is the final installment, and was written by Akamai program managers James Salerno and Dan Philpott.First installment: Vulnerability Management vs. Penetration Testing
Akamai Edge 2014 begins today and tomorrow with two days of Akamai University and API Boot camp. To coincide with this, I'm running two security lessons that are part of an upcoming video series. This is the first installment, written by Akamai CSIRT researcher Patrick Laverty.
Akamai Edge attendees will hear the names of two security vulnerabilities a lot this week: Shellshock and Heartbleed. Both shook the security industry to the core this year, and Akamai security staff spent countless hours working to protect customers against these threats.Before Edge gets underway, here are some resources to get familiar with what we've done to address the threats.More on the Web Security Track at Akamai Edge 2014:Akamai Edge
Akamai has created custom rules to help protect customers from the Shellshock-Bash vulnerabilities. The official names of these vulnerabilities and the WAF rules to address them are as follows:
Yesterday, we released an article on Akamai's security site detailing all of the CVE advisories now in circulation for Shellshock, and how they relate to Akamai's mitigation strategies. At the time we published, details had not yet been released for two of the six advisories -- CVE-2014-6277 and CVE-2014-6278. Late yesterday, those details were finally released.
The Shellshock vulnerability, originally announced as one critical issue in bash that allowed an adversary to execute arbitrary code, has grown from one vulnerability to six in the last week. For background on Shellshock, we've collected an overview and list of the vulnerabilities; for some history on Akamai's initial responses, read our original blog post. Shellshock raised a lot of questions among our customers, peers, auditors, and prospects. This
In two weeks, I'll be at the Akamai Edge customer conference. It's a terrific opportunity to meet face-to-face with a lot of our customers and get their feedback on what's working for them and what we can improve upon. A robust Web Security track of talks is planned, and I'll be blogging about it. The security track will run each day of Edge. Here's a partial list of what's planned: